Security Updates and Vulnerability Announcements for June 1, 2009

High

RHEL 4 Critical, RHEL 5 Important NTP Security Update

A stack-based buffer overflow was discovered in the NTP daemon's (ntpd) handling of Autokey public key authentication. A remote attacker could send a crafted packet to trigger the overflow and execute arbitrary code with the privileges of the ntpd process. RHEL 5 is also affected, but there the flaw can only crash ntpd (denial of service), not execute code. Autokey is not enabled by default: only servers whose ntp.conf contains a "crypto" directive are exposed, so check that before deciding how urgently to patch. (Ref: https://rhn.redhat.com/errata/RHSA-2009-1040.html and https://rhn.redhat.com/errata/RHSA-2009-1039.html)

RHEL 4.8 and CentOS 4 Kernel Updates

This kernel update addresses two security issues. The first is a flaw in the exit_notify() function, which did not properly reset a process's exit signal when the process executed a setuid program; a local, unprivileged user could use this to send an arbitrary signal to a privileged process and escalate privileges. The second is a flaw in the kernel's NFS implementation that could lead to a denial of service during NFS mount operations. (Ref: https://rhn.redhat.com/errata/RHSA-2009-1024.html)

Moderate

RHEL 4, 5, CentOS 4, 5 Thunderbird Security Update

Several flaws were found in the way Thunderbird handles malformed HTML mail content. A specially crafted message could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. These issues are only exploitable when JavaScript support is enabled in Thunderbird, which it is not by default. (Ref: https://rhn.redhat.com/errata/RHSA-2009-0258.html)

RHEL 5 and CentOS 5 Apache Updates

The Apache HTTP Server on RHEL 5 and CentOS 5 was found to contain a denial of service flaw: a memory leak in mod_ssl's handling of zlib compression on SSL-enabled connections could allow a remote attacker to exhaust the server's memory with repeated connection requests. A second flaw could allow local users to execute commands through Server Side Includes (SSI), even where the administrator intended to prohibit exec, when a specific combination of "Options" and "AllowOverride" settings was present in the Apache configuration and the user could write a .htaccess file in an affected directory. (Ref: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195)
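To see where a server is exposed to the second flaw, the script below, an added example for this digest and not code from Red Hat or the Apache project, parses a constructed sample httpd.conf, reports each <Directory> stanza whose AllowOverride lets a .htaccess author change Options (the "All", "Options" and "Options=..." forms), and rewrites those AllowOverride lines so Options can no longer be overridden. Treating the restricted "Options=IncludesNoExec" form as exposed is an assumption drawn from the CVE description, which names that form; the sample configuration, the function names and the choice of a line-based parser that ignores nested containers are all the example's own.

```python
import re

# Constructed sample httpd.conf fragment for this example; not taken from
# a real server. Directories, options and override settings are invented.
SAMPLE_CONFIG = """\
# sample httpd.conf fragment (constructed)
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory /home/*/public_html>
    Options IncludesNoExec
    AllowOverride Options=IncludesNoExec
</Directory>
<Directory "/srv/shared">
    Options Includes
    AllowOverride All
</Directory>
<Directory "/srv/static">
    Options None
    AllowOverride AuthConfig Limit
</Directory>
"""

DIRECTORY_OPEN = re.compile(r'^<Directory\s+"?([^">]+?)"?\s*>$', re.IGNORECASE)
DIRECTORY_CLOSE = re.compile(r'^</Directory>$', re.IGNORECASE)

# The AllowOverride classes other than Options, used when expanding "All".
OVERRIDE_CLASSES_WITHOUT_OPTIONS = ['AuthConfig', 'FileInfo', 'Indexes', 'Limit']


def parse_directory_stanzas(config_text):
    """Return [(path, [(directive, args), ...])] for each <Directory> block.
    Deliberately simple: comments and blank lines are skipped, containers
    nested inside a <Directory> are not modelled, and <Directory ~ regex>
    forms are not recognised."""
    stanzas, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        opened = DIRECTORY_OPEN.match(line)
        if opened:
            current = (opened.group(1), [])
            continue
        if DIRECTORY_CLOSE.match(line):
            if current is not None:
                stanzas.append(current)
                current = None
            continue
        if current is not None:
            parts = line.split(None, 1)
            current[1].append((parts[0], parts[1] if len(parts) > 1 else ''))
    return stanzas


def options_override_grant(args):
    """Return the AllowOverride token that lets .htaccess change Options, or
    None. "All", "Options" and every "Options=..." form count (counting the
    restricted Options=IncludesNoExec form is the assumption from the lead-in)."""
    for tok in args.split():
        low = tok.lower()
        if low in ('all', 'options') or low.startswith('options='):
            return tok
    return None


def find_exposed_directories(config_text):
    """Return [(path, grant)] for every <Directory> whose last AllowOverride
    in the stanza lets a .htaccess author change Options, i.e. where SSI exec
    is governed by the flawed override check rather than the server config."""
    exposed = []
    for path, directives in parse_directory_stanzas(config_text):
        grant = None
        for name, args in directives:
            if name.lower() == 'allowoverride':
                grant = options_override_grant(args)
        if grant is not None:
            exposed.append((path, grant))
    return exposed


def harden_allowoverride(args):
    """Rewrite AllowOverride arguments so Options can no longer be overridden:
    "All" expands to the other classes, Options tokens are dropped, and an
    empty result becomes "None"."""
    kept = []
    for tok in args.split():
        low = tok.lower()
        if low == 'all':
            kept.extend(OVERRIDE_CLASSES_WITHOUT_OPTIONS)
        elif low == 'options' or low.startswith('options='):
            continue
        else:
            kept.append(tok)
    return ' '.join(kept) if kept else 'None'


def harden_config(config_text):
    """Return the configuration with every AllowOverride line rewritten by
    harden_allowoverride(); indentation and all other lines are preserved."""
    out = []
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and parts[0].lower() == 'allowoverride':
            indent = raw[:len(raw) - len(raw.lstrip())]
            args = parts[1] if len(parts) > 1 else ''
            out.append(f'{indent}AllowOverride {harden_allowoverride(args)}')
        else:
            out.append(raw)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    for path, grant in find_exposed_directories(SAMPLE_CONFIG):
        print(f'exposed: {path} (AllowOverride grants {grant})')
    print(harden_config(SAMPLE_CONFIG))
```

To use this on a real server, replace SAMPLE_CONFIG with the contents of httpd.conf (and any included files) and re-run after applying the vendor update or the rewritten AllowOverride lines to confirm the exposed list is empty. Dropping the Options override is the conservative mitigation and also removes legitimate .htaccess uses of it, so review each flagged directory rather than applying the rewrite blindly.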

RHEL 5 and CentOS 5 ipsec-tools Security Update

A denial of service flaw was discovered in the ipsec-tools racoon IKE daemon: a remote attacker could send specially crafted IKE packets to crash the racoon service. A memory leak was also discovered that could allow a remote attacker, again using crafted IKE packets, to make racoon consume all available memory and deny service to VPN peers. (Ref: https://rhn.redhat.com/errata/RHSA-2009-1036.html)

RHEL 4 nfs-utils Update

nfs-utils was found to use TCP wrappers (hosts_access) incorrectly, so that access rules in /etc/hosts.allow and /etc/hosts.deny might not have been honored. Administrators relying on those rules to restrict NFS access could have believed protections were in place when in fact they were not. The update also fixes several bugs. (Ref: https://rhn.redhat.com/errata/RHSA-2009-0955.html)

Pidgin Remotely Exploitable Buffer Overflow and Remote Code Execution Vulnerabilities

A buffer overflow flaw was found in the Pidgin instant messaging client's XMPP file transfer code. If a Pidgin user initiates a file transfer over XMPP (the protocol used by Jabber and Google Talk) and the remote party returns a malformed response, Pidgin could crash or, potentially, execute arbitrary code with the permissions of the user running it. The earlier fix for an integer overflow in Pidgin's MSN protocol handler was also found to be incomplete: a Pidgin client on a 32-bit platform receiving a crafted MSN message could execute arbitrary code with the permissions of the user. A further flaw that lets a remote attacker crash Pidgin (denial of service) was fixed as well. Updates are available for all affected systems. (Ref: https://rhn.redhat.com/errata/RHSA-2009-1060.html)

FreeType Integer Overflow Vulnerabilities

FreeType, a font rendering engine, was found to contain several integer overflow flaws. If an application linked against FreeType loaded a specially crafted font file, it could crash or, possibly, execute arbitrary code with the privileges of the user running that application. (Ref: https://rhn.redhat.com/errata/RHSA-2009-1061.html)

SquirrelMail Multiple Vulnerabilities

Several cross-site scripting (XSS) vulnerabilities were discovered in SquirrelMail (http://www.squirrelmail.org), along with a remote code execution vulnerability that could allow attackers to run arbitrary commands on the mail server. Upgrading to the latest version (http://www.squirrelmail.org/download.php) is strongly recommended.

Low

RHEL 4 Updated util-linux Package

Several problems were addressed in the util-linux package: incorrect logging of login attempts to the audit subsystem, handling of VMware ESX partitions, null usernames during login, the nfs man pages, NFS mounts dying after being backgrounded, mount ignoring fstab, and mount failing to update mtab in certain situations. (Ref: https://rhn.redhat.com/errata/RHSA-2009-0981.html)